(54) System and method for securing and validating data using signatures, encryption, and feedback



(57) A system and method for generating a fingerprint of a data signal that combines signature generation, encryption, and preferably random number feedback, which may be employed both to secure data, and to validate secured data to ensure that the data has not been tampered with by unauthorized users. The system generates a fingerprint of a data signal (DATA_IN) which comprises one or more data components (<DATA_1> ... <DATA_M>). A first level signature generator (202, 604) receives and generates a signature on at least one of the data components to produce a first level signature. A first signal combiner (204, 608) receives and combines a second set of the data components and the first level signature into a combined signal. A data encryptor (206, 610) receives the combined signal and generates an encrypted signal. A second level signature generator (208, 612) receives the encrypted signal and generates the fingerprint. The system may include at least one other first level signature generator (606) which receives and generates a signature on a third set of data components to produce at least one other first level signature, such that the first signal combiner (608) also receives and combines the additional first level signature into the combined signal. A random number generator (602) which generates a random number for use by at least one portion (604, 606, 608, 610, 614) of the system may be included to introduce randomness into the fingerprint. The system may also include an encoder (614) which encodes the random number or a signature of the random number into the fingerprint. The random number may also be used in generating the first level signature or the combined signal.

Description

Field of the Invention 

[0001] The present invention relates generally to the field of data security, and more particularly to a system and method for securing data using signatures, encryption, and feedback.

Background of the Invention

[0002] Providing security for data is important in applications which require that only authorized users modify particular data. Example applications where security may be required include applications involving confidential client records (e.g., medical, bank account and personnel records), data or configuration files shipped with software by software manufacturers for use only by licensed users, and in analog signal authentication.

[0003] One present day technique for securing data is known as "fingerprinting". Fingerprints, or "signatures", are generated by passing the data through a signature algorithm. The signature algorithm may be as simple as a checksum generator, or may be much more sophisticated. A common feature of signature generation is that a given signature algorithm will always produce an identical signature when fed identical data. Signature algorithms are commonly employed in validating data because they provide a simple method of determining whether the data has been corrupted. One example of a common signature application may be found in the software industry. Often, a digital file produced by a software manufacturer will be run through a signature algorithm to generate a signature on the contents of the file. The signature may be generated on a line by line basis, on the entire file, or in various other formats. Typically the signature is appended to the end of each line, or the end of the file, or in some appropriate location according to the specified format. The signed file may then be shipped with the product. At startup of the application, or when the file is to be used, the software will typically include file validation means, which includes the signature algorithm. The file validation means is configured to regenerate each of the signatures based on the appropriate data in the file, and ensure that each regenerated fingerprint matches each fingerprint located in the file before proceeding. If the regenerated fingerprint does not match the file fingerprint, it is assumed that the data has been corrupted. The signature algorithm has been effectively used throughout the software industry to detect corrupted data. However, one limitation of the use of signature algorithms is that once the signature algorithm is known, a valid fingerprint may be generated on the data at any time. Accordingly, if a user modifies the data and knows the signature algorithm, the user may generate a new valid signature on the modified data and replace the original signature with the new valid signature. Thus, when validating the modified data, the signature algorithm will regenerate the new valid signature and interpret the data as being valid. Accordingly, fingerprinting based solely on signature algorithms is unable to detect that the data has been modified.

[0004] One data security technique that has received a lot of attention is known as "encryption". Encryption techniques are much more sophisticated than signature algorithm techniques in that they typically require a cipher key to both encode and decode the data. Accordingly, even if the encryption algorithm is known, the encrypted data cannot be decoded or regenerated without the proper cipher key. Encryption may therefore be more effective in securing data and preventing unauthorized users from modifying the data. However, the use of encryption techniques is limited by U.S. Export Control Regulations. However, when encryption techniques are used only to encode, and not to decode, the technology is less tightly controlled.
[0005] It is clear from the above discussion that a need exists for an alternative fingerprinting technique which may be used for detecting not only that the data itself is valid, but also that the data has not been modified by an unauthorized user. Such a technique is required in applications where it is critical to allow only authorized users to modify the data.

Summary of the Invention

[0006] In accordance with the invention, a system and method are described herein for generating a fingerprint of a data signal that includes one or more components. The technique for generating the fingerprint combines signature generation, encryption, and preferably random number feedback which hinders the ability of an unauthorized user to reverse engineer the process of generating a valid fingerprint. The invention may therefore be employed both to secure data, and to validate secured data to ensure that the data has not been tampered with by unauthorized users.
[0007] In one embodiment, a first level signature is generated on at least one of the data components. The first level signature is then combined with one or more of the data components, and the combination is then encrypted. A second level signature is then generated on the encrypted signal to produce the fingerprint. A random number may be generated. The combination signal may then include the random number and/or a first level signature of the random number to introduce additional security. The random number may also be combined with the encrypted signal such that the fingerprint includes the random number. In one embodiment, an encryption algorithm which is used to generate the encrypted signal may be initialized with a known seed, preferably supplied by the user. Where the fingerprint includes the random number, the random number may be used as a feedback mechanism to reseed the encryption algorithm for the next input data signal and to thereby allow the order of the received data signals to be validated. To validate secured data, the process is repeated on the data portion of the secured data to regenerate a fingerprint. The regenerated fingerprint may be compared to the fingerprint portion of the secured data to determine whether or not the fingerprints match. Matching fingerprints indicate that the data is valid and that it has not been tampered with. A mismatch of the fingerprints indicates that the data is corrupt or has been tampered with.
[0008] An apparatus in accordance with the invention includes at least one first level signature generator, which receives and generates a digital signature on at least one of the data components. A signal combiner is provided to combine one or more of the data components and at least one first level digital signature into a combined signal. A data encryptor generates an encrypted signal from the combined signal. A second level signature generator generates a signature on the encrypted signal, which is output as the fingerprint. A random number generator may also be provided to generate a random number for input to one or more of the first level signature generators and/or to the signal combiner to be included in the combined signal. A second signal combiner may be included to combine the random number with the fingerprint to allow the random number to be extracted from the fingerprint for validation purposes. The random number may be used to seed the data encryptor for generating the next encrypted signal. When used in this manner, the inclusion of a random number in the fingerprint allows the order of the received signals to be validated as well.

Brief Descriptions of the Drawings 

[0009] The objects and advantages of the invention will become more apparent and more readily appreciated from the following detailed description of the presently preferred exemplary embodiment of the invention taken in conjunction with the accompanying drawing, of which:

FIG. 1 is a flowchart of a method in accordance with the invention;

FIG. 2 is a block diagram of a system in accordance with the invention;

FIG. 3 is an example digital file comprising lines of data which are to be secured, used herein for illustrative purposes;

FIG. 4 is an example output file generated on the example digital file of FIG. 3, used herein for illustrative purposes;

FIG. 5 is a flowchart of an alternative embodiment of a method in accordance with the invention;

FIG. 6 is a block diagram of a system in accordance with the embodiment of FIG. 5; and

FIG. 7 is an example digital file generated from the example digital file of FIG. 3 using the system of FIG. 6.

Detailed Description of the Present Invention 

[0010] A mechanism for securing data is described herein which may be used to prevent unauthorized users from tampering with the secured data. In accordance with the invention, the data to be secured is combined with digital signatures of the data to be secured. The combination is then encrypted and a digital signature is then obtained on the encrypted combination. In a preferred embodiment, a random number which is known or may be derived by authorized users is introduced to seed the encryptor. Further in accordance with the invention, the order of an entire data file may be secured by generating a random number which is to be used when validating the next received data signal and encoding it into the fingerprint of the current data signal that is generated. As a further enhancement, the random number and a digital signature of the random number may be combined with the data to be secured and its digital signatures before being encrypted. The invention may be used in any application which requires data security or where it is desired to ensure that the data has not been subject to end-user tampering. The invention may be used both to secure the data and also to validate the data. In this regard, secured data may be validated by regenerating the fingerprint for each data signal and comparing the regenerated fingerprint to the previously generated fingerprint accompanying the secured data signal. A mismatch between the regenerated fingerprint and the previously generated fingerprint indicates that the data has been modified.
[0011] FIG. 1 is a flowchart of a method in accordance with the invention. In the embodiment of FIG. 1, the method operates to receive a data signal comprising one or more data components, and to generate a secure fingerprint on the data signal. In accordance with the invention, the method, shown at 100, begins in step 102 by receiving the values of the data components of the data signal. In a digital system, the data components may be one or more elements of a digital parameter. In an analog system, the data components may be different frequency components of a sinusoidal signal. Once the data components are received, a signature is generated in step 104 on one or more of the data components. The signatures of the one or more data components are then combined with one or more of the actual data component values in step 106 to generate a combined signal. In step 108, the combined signal is then encrypted using any suitable encryption algorithm to generate an encrypted signal. In step 110, a signature of the encrypted signal is generated to produce an encrypted signal signature. The encrypted signal signature is then output as the fingerprint of the data signal in step 112.

[0012] FIG. 2 illustrates a block diagram of a system in accordance with the invention. As shown, the system includes a first level generator 202, a signal combiner 204, a data encryptor 206, and a second level signature generator 208. First level signature generator 202 receives at least one component of data signal DATA_IN. In a digital system, DATA_IN will typically comprise one or more digital values in the format <value_1> ... <value_n>, where n may be any integer value greater than zero. In an analog system, DATA_IN may comprise any number of components separated into any suitable format (e.g., frequency components, or voltage or current ranges). In FIG. 2, first level signature generator 202 may be configured to utilize any or all of DATA_IN's components. First level signature generator 202 generates a first level signature on each of the components of DATA_IN that are input to it. The first level signature may be output as a single signal, comprising a combined signature of all the input DATA_IN components, or may be output as separate signature components, comprising a separate signature for each separate input DATA_IN component, or any combination thereof. The method of generating the first level signature may vary from implementation to implementation. For example, in a digital system, the first level signature generator may comprise means for implementing the popular MD5 algorithm. The MD5 algorithm is known in the art and is described in more detail in Ronald L. Rivest, RSA Data Security, Inc., "The MD5 Message-Digest Algorithm", Internet Engineering Task Force (IETF) Network Working Group RFC #1321 (Apr., 1992). Other suitable signature algorithms which may be implemented in the signature generator may also include the well-known MD3, MD4, or RIPMD-160 algorithms. The MD3 and MD4 algorithms are variations of MD5. RIPMD-160 is described in detail in Antoon Bosselaers, Hans Dobbertin, and Bart Preneel, "RIPMD-160 - Cryptographic Hash Function", Dr. Dobbs Journal (Jan. 1997).

[0013] Signal combiner 204 receives the first level signature generated by first level signature generator 202. Signal combiner may also receive one or more of the DATA_IN components as well. The particular DATA_IN components received by signal combiner 204 may be the same as, or different from, the DATA_IN components received by first level signature generator 202. The purpose of signal combiner 204 is to combine each of the first level signature components and each of the received DATA_IN components in a known manner into a combined signal. In a digital system, this may be accomplished by concatenating each of the components together to produce a digital value. In an analog system, this may be accomplished by modulating or mixing all of the components together to produce a modulated combined signal.
[0014] Data encryptor 206 receives the combined signal generated by signal combiner 204 and encrypts it to produce an encrypted signal. Encryption techniques are known in the art. For example, in a digital system, suitable encryption algorithms may include the AS algorithm or the Tiny Encryption Algorithm (TEA), both of which are known in the art. TEA is described in detail in David Wheeler and Roger Needham, "TEA - A Tiny Encryption Algorithm", Computer Laboratory, Cambridge University (Nov., 1994). In an analog system, encryption may be achieved using signal scattering techniques.
[0015] Second level signature generator 208 receives the encrypted signal generated by data encryptor 206 and generates a signature on it. In a digital system, the digital signature may be generated using the known MD5 algorithm, or any other signature generating algorithm. FIG. 3 is an example of a digital file comprising lines of data which are to be secured. In the embodiment of FIG. 3, DATA_IN includes one line of data, which may comprise 1 to M data values <DATA_1> ... <DATA_M>. Accordingly, DATA_IN may have up to M components. In the embodiment of FIG. 2, first level signature generator 202 may receive any one or more of the DATA_IN components upon which to generate the first level signature. Signal combiner 204 receives the first level signature and may receive any combination of the DATA_IN components from which it generates a combined signal. The combined signal is encrypted by data encryptor 206, and the fingerprint generated by second level signature detector. In this example, the fingerprint is appended to the line of data in an output file. Each line in the digital file of FIG. 3 is similarly fingerprinted. When each line has been fingerprinted, the output file preferably looks like the file shown in FIG. 4. Thus, each line in the secured file has a format of <DATA_1> ... <DATA_M> <FINGERPRINT_X>, where X corresponds to the line number of the data in the file.

[0016] FIG. 5 is a flowchart of a method in accordance with the invention. In the embodiment of FIG. 5, the method operates to receive a data signal comprising one or more data components, and to generate a secure fingerprint on the data signal. In a preferred embodiment, the method also operates to receive an initial seed value from which the encryption algorithm is initialized. In accordance with the invention, the method, shown at 500, preferably begins in step 502 by receiving a known seed value and initializing the encryption algorithm. A random number is generated in step 504 and the data components of the data signal are received in step 506. In step 508, a signature is generated on one or more of the data components and/or random number. The signatures of the one or more data components and/or random number are then combined with one or more of the actual data component values and/or random number in step 510 to generate a combined signal. In step 512, the combined signal is then encrypted using any suitable encryption algorithm to generate an encrypted signal. In step 514, a signature of the encrypted signal is generated to produce an encrypted signal signature. The encrypted signal signature is then preferably combined with the random number in step 516 to generate a fingerprint for the data signal. The fingerprint may be output in step 518.
[0017] If the data signal is being validated, the fingerprint is then compared to an expected fingerprint in step 520. If the fingerprints do not match, as determined in step 522, the mismatch is indicated in step 524. A mismatch indication signifies that the received data signal is not the same as the original data signal. If the fingerprints do match, as determined in step 522, an indication that the data signal is valid may be produced in step 530, or the process may be repeated on additional data signals. If additional data signals are to be checked, as determined in step 526, the encryptor is preferably re-seeded in step 528 with the random number generated during the current validation process before repeating steps 504 - 530 (where applicable).
[0018] FIG. 6 illustrates a block diagram of a system in accordance with the embodiment of FIG. 5. The embodiment of FIG. 6 includes a random number generator 602. Random number generator 602 generates a random number. Random number generator 602 may be seeded with an initial value SEED_1 that will preferably be known by or made known to authorized users of the data when validation of the data is performed. Random number generators are known in the art. Accordingly, any random number generator compatible with the type of system may be employed therein.
[0019] The system embodied in FIG. 6 includes one or more first level generators 604 - 606. First level signature generator 602 receives at least one component of data signal DATA_IN. In a digital system, DATA_IN will typically comprise one or more digital values in the format <value_1> ... <value_n>, where n may be any integer value greater than zero. In an analog system, DATA_IN may comprise any number of components separated into any suitable format (e.g., frequency components, or voltage or current ranges). In FIG. 6, each of first level signature generators 604 - 606 may be configured to utilize any or all of DATA_IN's components, as described previously with respect to first level signature generator 202 of FIG. 2. Furthermore, each of first level signature generators 604 - 606 may receive similar ones of, or completely different ones of, DATA_IN's components. In addition, any or all of first level signature generators 604 - 606 may receive the random number generated by random number generator 602. Also in accordance with the invention, any or all of the first level signature generators 604 - 606 may be configured to receive the random number but none of the DATA_IN components. It will be clear to those skilled in the art that the number of different permutations of possible number of first level signature generators and various combinations of input signals to the first level signature generators are many. Accordingly, the particular embodiment for a given implementation may vary from application to application. Each first level signature generator 604 - 606 generates a first level signature on each of the components of DATA_IN and/or random number that are input to it. The first level signature may be output as a single signal, comprising a combined signature of all the input DATA_IN components and/or random number, or may be output as separate signature components, comprising a separate signature for each separate input DATA_IN component and/or random number, or any combination thereof.
[0020] Signal combiner 608 receives each of the first level signatures generated by first level signature generators 604 - 608. Signal combiner 608 may also receive one or more of the DATA_IN components and/or random number as well. Signal combiner 608 combines each of the first level signature components and each of the received DATA_IN components and/or random number in a known manner into a combined signal.
[0021] Data encryptor 610 receives the combined signal generated by signal combiner 608 and encrypts it to produce an encrypted signal. Data encryptor 610 may be seeded by a known seed SEED which is preferably known, or is capable of being known, when the data is validated. In a preferred embodiment, SEED is a key derivable from a registered license number of an authorized user. As discussed hereinafter, SEED may also be a random number that is encoded into a previously generated fingerprint.

[0022] Second level signature generator 612 receives the encrypted signal generated by data encryptor 610 and generates a signature on it to produce a second level signature. The second level signature may be utilized as the fingerprint.

[0023] Alternatively, the second level signature may be combined with the random number generated by random number generator 602 by encoder 614 to generate the fingerprint. Encoder 614 may directly combine the random number into the fingerprint (e.g., by concatenating the random number to the second level signature) or may be further encoded and then combined with the second level signature. For example, encoder 614 may generate a signature of the random number before combining it with the second level signature to generate the fingerprint.

[0024] An embodiment that combines the random number into the fingerprint may be used to provide an additional security feature of authenticating the order in which the data is received. The order in which data is received may be secured by utilizing the random number of the immediately previously generated fingerprint as the seed SEED input to data encryptor 610. Preferably data encryptor 610 generates a different encrypted signal given the same combined signal for each different seed it receives. Accordingly, during validation, which is discussed hereinafter, if the order of the received data is tampered with, an incorrect seed (i.e., the random number from the fingerprint of data which is not supposed to precede the current data) will be input to data encryptor 610, causing it to generate a different fingerprint of the same signal than if the seed had been correct (i.e., the random number from the fingerprint of the data which is supposed to precede the current data).
[0025] FIG. 7 is an example of a digital file containing secured data which may be generated from the example digital file of FIG. 3 using the system of FIG. 6. In the embodiment of FIG. 7, the second level signature (i.e., FINGERPRINT_Z, where Z = 1 ... J) generated by second level signature detector is combined with the random number generated by random number generator 602, which together are appended to the line of data in an output file. Each line in the digital file of FIG. 3 is similarly fingerprinted, to produce the output file of FIG. 7. Thus, each line in the secured file has a format of <DATA_1> ... <DATA_N+M> <FINGERPRINT_Z> <RAND_Z>, where Z corresponds to the line number of the data in the file.
[0026] The invention may be used to validate secured data. To validate secured data, the data portion of the secured data is input to a system configured in the same manner as that used to secure the data to generate a regenerated fingerprint. The regenerated fingerprint is generated in a manner identical to the manner in which the original fingerprint was generated. The regenerated fingerprint (preferably including the random number) is then compared with the expected fingerprint (i.e., the fingerprint portion of the secured data, preferably including the random number portion) by comparator 616. Comparator 616 compares the regenerated fingerprint with the expected fingerprint and generates a match signal which indicates whether or not the regenerated fingerprint matches the expected fingerprint. A mismatch indicates that the data and/or order of the data has been modified.

[0027] When validating a data file such as that shown in FIG. 7, if the regenerated fingerprint and expected fingerprint match for the first secured line of data, the random number from the current iteration is sent to data encryptor 610 as the SEED and the next line of data in the secured data file is input to the system for validation. Each line of data is similarly validated, with the random number contained in the fingerprint of its previous line of data being used to reinitialize the data encryption algorithm in data encryptor 610. This feedback mechanism allows the order of the data in the file to also be validated. If a mismatch occurs between a regenerated fingerprint and its expected fingerprint, either the data itself or the order of the data has been modified.
[0028] It will be appreciated from the above detailed description that the invention provides a mechanism to allow data to be secured by authorized users, and to allow secured data to be validated to ensure that the data has not been corrupted or tampered with by unauthorized users. While illustrative and presently preferred embodiments of the invention have been described in detail herein, it is to be understood that the inventive concepts may be otherwise variously embodied and employed and that the appended claims are intended to be construed to include such variations except insofar as limited by the prior art.
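
The FIG. 5 / FIG. 6 procedure of paragraphs [0016] to [0027] (sign, combine, encrypt, sign again, then feed each line's random number forward as the next seed), as an added Python example that is not code from the patent. Assumptions made here: MD5 for both signature levels and TEA as the encryptor (both named in the description), TEA run in a CBC-style chain with a key taken as MD5(seed), an 8-byte random number, a 0x1f component separator, and constructed sample lines and seed.

```python
import hashlib
import hmac
import os
import struct

MASK = 0xFFFFFFFF
DELTA = 0x9E3779B9  # TEA key-schedule constant


def tea_encrypt_block(block: bytes, key: bytes) -> bytes:
    """Encrypt one 8-byte block with TEA (32 cycles, 16-byte key)."""
    v0, v1 = struct.unpack(">2I", block)
    k0, k1, k2, k3 = struct.unpack(">4I", key)
    total = 0
    for _ in range(32):
        total = (total + DELTA) & MASK
        v0 = (v0 + (((v1 << 4) + k0) ^ (v1 + total) ^ ((v1 >> 5) + k1))) & MASK
        v1 = (v1 + (((v0 << 4) + k2) ^ (v0 + total) ^ ((v0 >> 5) + k3))) & MASK
    return struct.pack(">2I", v0, v1)


def encrypt(data: bytes, seed: bytes) -> bytes:
    """Data encryptor 610: encode-only, initialized from the seed."""
    key = hashlib.md5(seed).digest()            # assumption: key = MD5(seed)
    data += b"\x80" + b"\x00" * (-(len(data) + 1) % 8)  # pad to 8-byte blocks
    prev, out = bytes(8), []
    for i in range(0, len(data), 8):            # CBC-style chaining (assumption)
        block = bytes(a ^ b for a, b in zip(data[i:i + 8], prev))
        prev = tea_encrypt_block(block, key)
        out.append(prev)
    return b"".join(out)


def fingerprint(components, rand: bytes, seed: bytes) -> str:
    """Steps 508-514 for one data signal; returns the second level signature."""
    data = b"\x1f".join(c.encode() for c in components)
    first_sig = hashlib.md5(data + rand).digest()   # 508: first level signature
    combined = data + rand + first_sig              # 510: combined signal
    encrypted = encrypt(combined, seed)             # 512: encrypted signal
    return hashlib.md5(encrypted).hexdigest()       # 514: second level signature


def secure_file(lines, initial_seed: bytes, rng=os.urandom):
    """Produce <DATA...> <FINGERPRINT_Z> <RAND_Z> records (FIG. 7 layout)."""
    seed, records = initial_seed, []
    for components in lines:
        rand = rng(8)                               # 504: random number
        records.append((components, fingerprint(components, rand, seed), rand.hex()))
        seed = rand                                 # feedback: RAND_Z seeds line Z+1
    return records


def validate_file(records, initial_seed: bytes):
    """Return the index of the first mismatching line, or None if all match."""
    seed = initial_seed
    for idx, (components, expected, rand_hex) in enumerate(records):
        rand = bytes.fromhex(rand_hex)
        regenerated = fingerprint(components, rand, seed)   # 520: regenerate
        if not hmac.compare_digest(regenerated, expected):  # 522: compare
            return idx                                      # 524: mismatch
        seed = rand                                         # 528: re-seed
    return None


# Constructed sample input: three lines of two components each, and a seed
# standing in for a key derived from a license number.
SAMPLE_LINES = [["alice", "100"], ["bob", "250"], ["carol", "75"]]
SAMPLE_SEED = b"EXAMPLE-LICENSE-0000"

if __name__ == "__main__":
    recs = secure_file(SAMPLE_LINES, SAMPLE_SEED)
    print("untouched :", validate_file(recs, SAMPLE_SEED))
    edited = list(recs)
    edited[1] = (["bob", "9999"], recs[1][1], recs[1][2])
    print("edited    :", validate_file(edited, SAMPLE_SEED))
    print("reordered :", validate_file([recs[0], recs[2], recs[1]], SAMPLE_SEED))
```

In this arrangement only the first line's seed is a secret; every later seed is the RAND value stored in the file beside the preceding line. MD5 and TEA are used solely because the description names them.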



Claims

1. A system for generating a fingerprint of a data signal (DATA_IN), said data signal comprising one or more data components (<DATA_1> ... <DATA_M>), comprising:

   a first level signature generator (202, 604) which receives and generates a signature on a first set of data components to produce a first level signature, said first set of data components comprising at least one of said one or more data components (<DATA_1> ... <DATA_M>);

   a first signal combiner (204, 608) which receives and combines a second set of said data components and said first level signature into a combined signal;

   a data encryptor (206, 610) which receives said combined signal and generates an encrypted signal;

   a second level signature generator (208, 612) which receives said encrypted signal and generates said fingerprint.

2. The system of claim 1, comprising:

   at least one other first level signature generator (606) which receives and generates a signature on a third set of data components to produce at least one other first level signature, said third set of data components comprising at least one of said one or more data components (<DATA_1> ... <DATA_M>);

   wherein said first signal combiner (608) also receives and combines said at least one other first level signature into said combined signal.

3. The system of claim 1 or 2, further comprising:

   a random number generator (602) which generates a random number, said random number being employed by at least one portion (604, 606, 608, 610, 614) of said system to introduce randomness into said fingerprint.

4. The system of claim 3, comprising:

   an encoder (614) which encodes said random number into said fingerprint.

5. The system of claim 4, wherein:

   said encoder (614) encodes a signature of said random number into said fingerprint.

6. The system of claim 3, 4 or 5, wherein:

   said first level signature is generated using said random number.

7. The system of claim 3, 4, 5 or 6, wherein:

   said random number is combined into said combined signal.

8. The system of claim 3, 4, 5, 6 or 7, said data encryptor (610) receiving a seed and initializing an encryption algorithm based on said seed, said encryption algorithm implemented in said data encryptor.

9. The system of claim 8, said seed comprising a previously generated random number combined in a previously generated fingerprint.

10. The system of claim 1, 2, 3, 4, 5, 6, 7, 8 or 9, further comprising:

    a comparator (210, 616) which receives and compares said fingerprint and a previously generated fingerprint, and produces a match signal indicating whether said fingerprint and said previously generated fingerprint match.






EP0 918 274A2 



FIG. 1 (flowchart): 102 Receive data component values; 104 Generate signature based on data component values; 106 Combine data component values with signature into combined signal; 108 Encrypt combined signal into encrypted signal; 110 Generate signature of encrypted signal to generate encrypted signal signature; 112 Output encrypted signal signature as fingerprint.



FIG. 2 (block diagram): DATA_IN; first level signature generator 202; first level signature; combiner 204; combined signal; data encryptor 206; encrypted signal; second level signature generator 208; fingerprint; expected fingerprint; comparator 210; match signal.






FIG. 6 (block diagram): DATA_IN; random number generator; SEED; first level signature generators; combiner 608; data encryptor 610; second level signature generator 612; fingerprint; expected fingerprint; comparator; match signal.






